Security Now 251

From The Official TWiT Wiki

Security Now 251: Your Questions, Steve's Answers #93

HTTPS vs. HTTP, post-arbitrary code execution, packet routing, iPad “Instant on” debate, and more.

News & Errata

3:45 - 5:36

  • Adobe is reconsidering its quarterly update schedule; it will now synchronise with Microsoft's monthly updates

5:37 - 11:15

  • JavaScript can determine which tab is open
  • JavaScript could then load a phishing site in another tab
  • The user would assume they had opened the other tab themselves in the past and enter their credentials

11:16 - 12:37

  • Multiple ISPs are launching class action suits against Google, as it accidentally gathered data from open Wi-Fi networks

12:38 - 16:45

  • Symantec discovered a database of 44 million gaming login credentials

16:46 - 33:05

  • Steve has two new blog posts
  • He also has a new Twitter account, @sgpad, just for tablet PC related tweets

35:25 - 37:36

  • Google no longer lets employees use computers running Windows

37:37 - 46:40

  • Someone with knowledge of car computer systems wrote in to describe how software he has written for cars has caused them not to start or the dashboard to malfunction
  • He also says the systems were designed with no consideration for security and that data sent back from the car to the server is unencrypted

SpinRite Story

33:06 - 35:24 Cathy Zwolski (Minneapolis)

A listener fixed a computer with SpinRite

Questions & Answers

Question: [ 01 ]

51:49 - 01:00:21 Dan (Sioux Falls, South Dakota)
Question: Why don't we use HTTPS throughout the internet?

Answer: SSL requires the endpoint to have its identity verified in order for it to work properly, and verifying the identity of every website and service on the internet isn't currently possible.

Question: [ 02 ]

01:00:22 - 01:06:38 Gary Robinson (Magherafelt, Ireland)
Question: What happens after a bad guy has executed their code? Does the program crash, or does it return to normal?

Answer: Anything the bad guy wants

Comment: [ 03 ]

01:06:39 - 01:09:25 Katie Martin (Dallas, Texas)
Listener Comment: I'd like to hear an entire episode on assembly language. He also corrects Steve and Leo on the pronunciation of telseti

Steve's Comment: Interesting

Question: [ 04 ]

01:09:26 - 01:13:01 Lance Reichert (Backwater, NY)
Question: When you do your episode on how the internet works, can you explain how routers choose the path a packet takes?

Answer: Yes

Question: [ 05 ]

01:13:02 - 01:17:18 Chad Masters (Leavenworth, IN)
Question: The iPad is not instant on, you are just coming out of standby

Answer: Steve stands corrected and renames it 'Instant Use'

Question: [ 06 ]

01:17:19 - 01:22:16 Ray Siposs (Irvine, CA)
Question: If you delete files from an encrypted drive, do you need to do a secure delete, or is a normal delete fine as the drive is already encrypted?

Answer: If you delete it without going through the trash can, e.g. with an encrypted folder rather than the whole drive, then you do not need to do a secure delete. If you delete the file by going through the trash can, e.g. when you encrypt the whole drive, then you do need to do a secure delete, as the bits are only marked as deleted and not removed.

Question: [ 07 ]

01:22:17 - 01:26:23 Ben Rexworthy (Bedford, UK)
Question: People are writing in saying how they are using their personal copy of SpinRite on friends' computers; however, your personal license forbids this. What's happening?

Answer: Steve doesn't mind his users fixing their friends' and family's computers with SpinRite and says people should use their best judgement

Insecure Hotel WiFi Story of the Week: [ 08 ]

01:26:24 - 01:30:49 Scott (Winters, CA)
Story: I was at a hotel using their free Wi-Fi, and the corporate computers were also on this network, so I could see all of the employees' C drives

Steve's Comment: This is really bad, as you can probably find all of their past and current customers' details

Notable Quotes

Significant Products

Sponsors

Audible

Picks

The Caves of Steel by Isaac Asimov (ABRIDGED/UNABRIDGED)
Narrated by William Dufris

Production Information

  • Edited by: Tony
  • Notes: Re-edited 6/21 due to hotel name mention.